Latest version of OpenVAS can't load 3rd party NVT plugins

gvm-10
duplicate

#1

Hey guys,

I’ve installed Openvas from its git repo. So, I’ve written a NVT plugin like this (Sorry I can’t upload a file):

###############################################################################
# OpenVAS Vulnerability Test
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.300150");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cve_id("CVE-2008-6598");
  script_version("$Revision: 11 $");
  script_tag(name:"last_modification", value:"$Date: 2008-10-05 12:54:12 +0200 (Fri, 05 Oct 2008) $");
  script_tag(name:"creation_date", value:"2008-04-30 07:59:26 -0400 (Mon, 30 Apr 2008)");
  script_name("FreeBSD Ports: wanpipe");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012");
  script_family("FreeBSD Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdrel");

  script_tag(name:"insight", value:"The following packages are affected:

  Sangoma Wanpipe 3.3.6");

  script_tag(name:"solution", value:"Update your system with the appropriate patches or
  software upgrades.");

  script_xref(name:"URL", value:"http://freshmeat.net/projects/wanpipe/releases/276026");
  script_xref(name:"URL", value:"https://exchange.xforce.ibmcloud.com/vulnerabilities/49828");

  script_tag(name:"summary", value:"Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to bri restart logic.");

  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}



include("revisions-lib.inc");
include("pkg-lib-bsd.inc");

vuln = FALSE;
txt = "";


bver = portver(pkg:"wanpipe");
if(!isnull(bver) && revcomp(a:bver, b:"3.3.6")<0) {
  txt += "Package wanpipe version " + bver + " is installed which is known to be vulnerable.\n";
  vuln = TRUE;
}

if(vuln) {
  security_message(data:txt);
} else if (__pkg_match) {
  exit(99);
}

Consider it as a Hello World! sample. Well, I named it freebsd_wanpipe0.nasl and copied in plugin\2008 directory. After restarting gvm, gsad and openvassd process, I found nothing as an error/warning in their log files, but unfortunately it’s not loaded and I couldn’t see it in FreeBSD Local Security Checks NVT family.


#2

After flushing the redis (nvt cache), I realized that my plugin is loaded to NVT cache :

redis /var/run/redis/redis.sock[1]> keys *wanpip*
1) "filename:2008/freebsd_wanpipe0.nasl"
redis /var/run/redis/redis.sock[1]> dump filename:2008/freebsd_wanpipe0.nasl
"\x0e\x01//\x00\x00\x00\x10\x00\x00\x00\x02\x00\x00\xd05\xd9W\\\x06\x1c1.3.6.1.4.1.25623.1.0.300150\xff\t\x00\x97\xeb+\\a|i\xbe"
redis /var/run/redis/redis.sock[1]> 

Why couldn’t the WEB-UI show my new plugin ? It’s a bizarre issue. :smile:


#3

This topic and the requirements / process on how to add new VTs to GVM was discussed in the thread below. To avoid that two or more threads about the same topic are open i’m closing this here as a duplicate. If you have any further questions please use the thread below:


closed #4